In Depth
The Seven Deadly Sins of Network Security
Companies that suffer serious network security breaches have almost always committed one (or all) of 7 deadly sins. Is your company guilty?
By Bill Brenner, Senior Editor
6. Lax logging, monitoring
The final item on the list involves the failure of many organizations to keep an eye on all the activity logs coming out of the various devices on the network. As McGann points out, a company must know what's going on in the network in order to secure it.
Ward agrees. "Log management is one of those issues that no one really likes to deal with," he says. "But since we're security professionals, we really need to dig into our log data and understand what's happening at all levels of the end-user chain."
7. Spurning the K.I.S.S. principle
It has been said that in the art of network security one must observe the K.I.S.S. principle -- "keep it simple, stupid," or "keep it simple for security." Unfortunately, networks are getting increasingly complex as companies bolt one device onto the next, often configuring things badly along the way.
Add the failure to segment certain parts of the network from other parts and you have a recipe for disaster.
"What can I say? Complexity is bad, very bad," Brush says.
Nick Puetz, director of data security at FishNet Security, says trusted networking is one of the founding concepts of IT security. However, while most companies will spend millions of dollars to secure their perimeter, "they don't take any time to segment their internal network."
As a result, it becomes impossible to get a grip on where sensitive data is flowing from one part of the network to the next. If you can't be certain where all the data is on the network, protecting it is exceedingly difficult. It's also the type of thing compliance auditors frown upon.



